go gnupg/clearsign issues
Bug #1828905 reported by
Seth Arnold
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
aptly (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
autodeb (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
candid (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
charm (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
golang-go.crypto (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
golang-pault-go-archive (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
golang-pault-go-debian (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
juju-core (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
juju-core-1 (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
lxd (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
mongo-tools (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
mongodb (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
singularity-container (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Hello, SEC Consult has reported an issue with Go's implementation of openpgp clear signatures:
https:/
https:/
This appears to affect a lot of code in the archive.
CVE-2019-11841 has been assigned to this issue.
Thanks
Changed in aptly (Ubuntu): | |
status: | New → Confirmed |
Changed in autodeb (Ubuntu): | |
status: | New → Confirmed |
Changed in candid (Ubuntu): | |
status: | New → Confirmed |
Changed in charm (Ubuntu): | |
status: | New → Confirmed |
Changed in golang-go.crypto (Ubuntu): | |
status: | New → Confirmed |
Changed in golang-pault-go-archive (Ubuntu): | |
status: | New → Confirmed |
Changed in golang-pault-go-debian (Ubuntu): | |
status: | New → Confirmed |
Changed in juju-core (Ubuntu): | |
status: | New → Confirmed |
Changed in juju-core-1 (Ubuntu): | |
status: | New → Confirmed |
Changed in mongo-tools (Ubuntu): | |
status: | New → Confirmed |
Changed in mongodb (Ubuntu): | |
status: | New → Confirmed |
Changed in singularity-container (Ubuntu): | |
status: | New → Confirmed |
To post a comment you must log in.
$ rg -j 8 -uu -g '*.go' golang. org/x/crypto/ openpgp/ clearsign g/golang- pault-go- archive/ golang- pault-go- archive_ 1.0-1/archive. go org/x/crypto/ openpgp/ clearsign"
universe/
14: "golang.
universe/ a/aptly/ aptly_1. 3.0-6/pgp/ internal. go org/x/crypto/ openpgp/ clearsign"
17: "golang.
universe/ a/aptly/ aptly_1. 3.0+ds1- 2.2/pgp/ internal. go org/x/crypto/ openpgp/ clearsign"
17: "golang.
universe/ a/aptly/ aptly_1. 3.0+ds1- 2/pgp/internal. go org/x/crypto/ openpgp/ clearsign"
17: "golang.
universe/ a/aptly/ aptly_1. 2.0-3/pgp/ internal. go org/x/crypto/ openpgp/ clearsign"
17: "golang.
universe/ g/golang- pault-go- debian/ golang- pault-go- debian_ 0.4-1/control/ parse.go org/x/crypto/ openpgp/ clearsign"
29: "golang.
universe/ g/golang- pault-go- debian/ golang- pault-go- debian_ 0.5-1/control/ parse.go org/x/crypto/ openpgp/ clearsign"
33: "golang.
universe/ g/golang- pault-go- debian/ golang- pault-go- debian_ 0.9-1/control/ parse.go org/x/crypto/ openpgp/ clearsign"
33: "golang.
main/g/ golang- go.crypto/ golang- go.crypto_ 0.0~git20151201 .0.7b85b09- 2/openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
main/g/ golang- go.crypto/ golang- go.crypto_ 0.0~git20170629 .0.5ef0053- 1ubuntu1/ openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
universe/ s/singularity- container/ singularity- container_ 3.0.3+ds- 1/pkg/signing/ signing. go org/x/crypto/ openpgp/ clearsign"
20: "golang.
universe/ a/autodeb/ autodeb_ 0.20.0- 1/internal/ pgp/pgp. go org/x/crypto/ openpgp/ clearsign"
12: "golang.
universe/ g/golang- go.crypto/ golang- go.crypto_ 0.0~git20181203 .505ab14- 1/openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
universe/ g/golang- go.crypto/ golang- go.crypto_ 0.0~git20170629 .0.5ef0053- 2/openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
universe/ g/golang- go.crypto/ golang- go.crypto_ 0.0~git20180614 .a8fb68e- 1/openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
main/j/ juju-core/ juju-core_ 2.0~beta4- 0ubuntu2/ src/golang. org/x/crypto/ openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
main/j/ juju-core/ juju-core_ 2.0.2-0ubuntu0. 16.04.2/ src/golang. org/x/crypto/ openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
main/j/ juju-core/ juju-core_ 2.0~beta4- 0ubuntu2/ src/github. com/juju/ juju/environs/ simplestreams/ encode. go org/x/crypto/ openpgp/ clearsign"
12: "golang.
main/j/ juju-core/ juju-core_ 2.0~beta4- 0ubuntu2/ src/github. com/juju/ juju/environs/ simplestreams/ decode. go org/x/crypto/ openpgp/ clearsign"
13: "golang.
main/j/ juju-core/ juju-core_ 2.3.7-0ubuntu0. 16.04.1/ src/golang. org/x/crypto/ openpgp/ clearsign/ clearsign. go org/x/crypto/ openpgp/ clearsign"
10:package clearsign // import "golang.
main/j/ juju-core/ juju-core_ 2.0.2-0ubuntu0. 16.04.2/ src/github. com/juju/ juju/environs/ simplestreams/ decode. go org/x/crypto/ openpgp/ clearsign"
13: "golang.
main/j/ juju-core/ juju-core_ 2.0.2-0ubuntu0. 16.04.2/ src/github. com/juju/ juju/environs/ simplestreams/ encode. go org/x/crypto/ openpgp/ clearsign"
12: "golang.
main/j/ juju-core/ juju-c. ..